Spatial-Temporal Attention Network for Malware Detection Using Micro-architecture Features

Malware detection is an imperative topic in computer security, since evolving malware causes serious damage to computer systems and to the security of users' private information. In recent years, some researchers have begun to utilize low-level hardware micro-architecture features to detect malware, because such features are difficult for malware to evade. However, these methods usually adopt a long sample length and can hardly identify non-signature malware, which inevitably limits detection efficiency and effectiveness. To solve these problems, we first select the system call instruction as a trigger point for extracting low-level features, which avoids blindly and continuously collecting unrelated data. Specifically, we use the General-Purpose Registers (GPRs) as features for malware detection. Each register has specific functions, and changes in its content carry information about the program's actions, which can thus be used to detect illegal behaviours. To improve detection efficiency, we then propose a resampling method that captures the spatial and temporal properties of the GPRs. Finally, a novel deep learning model is designed to highlight correlations among the GPRs for accurate malware detection. Experimental results achieve 99% accuracy and a zero False Positive rate (FPr) using only a short sample length, and the model can also identify non-signature malware.
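As an added illustration (not the paper's code, and not its actual resampling method), the constructed Python below shows the data shape the abstract describes: one GPR snapshot per system-call trigger point, register changes between consecutive trigger points as the spatial axis, and fixed-length windows as the temporal axis. The register set, window length, scaling rule and trace values are assumptions made for the example.

```python
from typing import Dict, List

# Assumed register order; this is the spatial axis of every sample.
GPRS = ["rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp"]

# Constructed trace: one GPR snapshot per syscall trigger point ("nr" = syscall number).
# All values are made up for illustration.
TRACE: List[Dict[str, int]] = [
    {"nr": 1,  "rax": 1,  "rbx": 0, "rcx": 0, "rdx": 0, "rsi": 0,  "rdi": 0, "rbp": 100, "rsp": 200},
    {"nr": 1,  "rax": 2,  "rbx": 0, "rcx": 0, "rdx": 0, "rsi": 0,  "rdi": 0, "rbp": 100, "rsp": 200},
    {"nr": 2,  "rax": 2,  "rbx": 0, "rcx": 0, "rdx": 0, "rsi": 16, "rdi": 3, "rbp": 100, "rsp": 192},
    {"nr": 3,  "rax": 0,  "rbx": 0, "rcx": 0, "rdx": 0, "rsi": 16, "rdi": 3, "rbp": 100, "rsp": 200},
    {"nr": 60, "rax": 60, "rbx": 0, "rcx": 0, "rdx": 0, "rsi": 0,  "rdi": 3, "rbp": 100, "rsp": 200},
]

def register_deltas(trace: List[Dict[str, int]], regs=GPRS) -> List[List[int]]:
    """Row t = change of each register between trigger point t-1 and t.
    The abstract's point is that register *changes* carry action information,
    so absolute contents are discarded; the first row is all zeros."""
    rows = [[snap[r] for r in regs] for snap in trace]
    out = [[0] * len(regs)]
    for prev, cur in zip(rows, rows[1:]):
        out.append([c - p for p, c in zip(prev, cur)])
    return out

def make_windows(matrix: List[List[int]], window: int, stride: int) -> List[List[List[int]]]:
    """Cut the temporal axis into fixed-length windows (the 'short sample length').
    A trace shorter than one window is zero-padded instead of being dropped."""
    n_regs = len(matrix[0])
    if len(matrix) < window:
        return [matrix + [[0] * n_regs for _ in range(window - len(matrix))]]
    return [matrix[s:s + window] for s in range(0, len(matrix) - window + 1, stride)]

def normalize(windows: List[List[List[int]]]) -> List[List[List[float]]]:
    """Scale each register column by its largest |delta| across all windows so
    large-magnitude registers (e.g. rsp) do not swamp the rest; all-zero columns keep 1."""
    n_regs = len(windows[0][0])
    scale = [max((abs(row[j]) for w in windows for row in w), default=0) or 1 for j in range(n_regs)]
    return [[[row[j] / scale[j] for j in range(n_regs)] for row in w] for w in windows]

def build_samples(trace: List[Dict[str, int]], window: int = 3, stride: int = 1):
    """Full pipeline: snapshots -> deltas -> windows -> normalized samples of shape (T, |GPRS|)."""
    return normalize(make_windows(register_deltas(trace), window, stride))

if __name__ == "__main__":
    for i, sample in enumerate(build_samples(TRACE)):
        print(f"sample {i}: {len(sample)} x {len(sample[0])}", sample)
```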
